Ataegina How do I cheat?
Reputation: 0
Joined: 06 May 2016 Posts: 6
Posted: Fri May 06, 2016 8:05 pm Post subject: Hacking Adobe AIR multiplayer (newbie)
Hello, for the last few days I've been obsessed with making myself a tool to aid me in doing some tedious tasks. To be clear, I'm against cheating in multiplayer games and I've never done it; I'm not even playing this particular game anymore, it's just more of a challenge/achievement for me now. My idea is simple: read some game variables from the memory and simulate user input accordingly. So, I've spent quite some time on pointer scanning and ended up with only one pointer, which works, but isn't 100% stable (some random trash 'flickering', it's only a lvl5 pointer, and a lucky one I think; no other variables could be found up to 7th lvl and higher ones take ages and tons of space).
I have some questions. First, is there a possibility that I'll never be able to get static addresses of every obvious value, like position or HP, due to AIR being JiT or some other reasons? Can the pointers be, say, lvl 15, which would be inaccessible for me? Does the game have to be running for the entire duration of scanning? There's more, but I can't remember them all now.
And here's another idea of mine that I'd like to get evaluated. I've only recently heard about AOB. Let's say I get to the point in the assembly that updates the player's HP. I inject instructions that copy the value that is currently in a register to some >known< space in memory, like Game.exe + 0xZZZZZ or THREADSTACKx + 0xYYYY so I don't have to worry about the pointers anymore, just run the script and then my own tool. Now, if this isn't fantasy enough, how could I know where exactly to put it? Is it doable?
 |
Ataegina How do I cheat?
Reputation: 0
Joined: 06 May 2016 Posts: 6
Posted: Sun May 15, 2016 4:03 am Post subject:
Could anyone answer at least some of these questions please?
 |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
 |
Ataegina How do I cheat?
Reputation: 0
Joined: 06 May 2016 Posts: 6
Posted: Sun May 15, 2016 8:51 am Post subject:
Thank you, never saw this one, very useful. But if I do this trick with globalalloc and _playerbase, can I access this variable outside of CE?
 |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Sun May 15, 2016 8:53 am Post subject:
Not easily, but if you're building your own trainer, you can hook the instruction the same way you would in CE.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
 |
Ataegina How do I cheat?
Reputation: 0
Joined: 06 May 2016 Posts: 6
Posted: Sun May 15, 2016 9:01 am Post subject:
I'm working from inside an injected DLL. Could you please tell me how to do this (accessing the _playerbase variable), or where to get started on this topic?
 |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Sun May 15, 2016 9:10 am Post subject:
https://www.youtube.com/watch?v=2CY_NBSwcWg
If you can find a code cave inside a module that's always loaded, you can simply store your address there. CE can help you find code caves (Memory View -> Tools -> Scan for code caves). Remember that you might have to change the protection on that page.
However, if you're planning on using CE to find that address, what's the point of injecting a dll in the first place? Just use one or the other, not both.
 |
Ataegina How do I cheat?
Reputation: 0
Joined: 06 May 2016 Posts: 6
Posted: Sun May 15, 2016 9:16 am Post subject:
Thanks again, I'll study that.
And what's wrong with injecting a dll? Of course I find the addresses with CE, but I need to do some things with them programmatically, not from inside a script.
 |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Sun May 15, 2016 9:23 am Post subject:
There's nothing wrong with injecting a dll. It's just that having to use both CE and injecting a dll whenever you need to do anything is more work than what you could be doing. Either hook that instruction in your dll and get the address that way, or just use an AA script in CE for whatever you're doing. Assembly is a programming language too.
 |
Ataegina How do I cheat?
Reputation: 0
Joined: 06 May 2016 Posts: 6
Posted: Sun May 15, 2016 9:32 am Post subject:
I've just started getting into this hooking thing. If it's so easy to get the address this way without CE, that's fine. What I intend to do is a job for a high level language, I think.
One other thing, is there a way to automatically change the page protection?
EDIT: Ok, I got it. fullAccess(address,size)